PkiEnvironmentHooks

public protocol PkiEnvironmentHooks : AnyObject, Sendable

The PKI Environment Hooks used for external calls during e2e enrollment flow. When communicating with the Identity Provider (IDP) and Wire server, CoreCrypto delegates to the client app by calling the relevant methods.

Client App CoreCrypto Acme IDP | | | | | X509CredentialAcquisition().finalize() | | |————————–>| | | | | GET acme/root.pem | | | |————————> | | | | 200 OK | | | |<———————— | | | authenticate() | | | |<————————–| | | | | Authentication flow | | | —————————————————————————-> | |<—————————————————————————– | | return Success [PKiEnvironmentHooks.authenticate()] | | |<————————–| | | | | (excluded several calls for brevity) | | return Success(Credential) [X509CredentialAcquisition().finalize()] | |<————————–| | |

  • Make an HTTP request Used for requests to ACME servers, CRL distributors etc.

    Declaration

    Swift

    func httpRequest(method: HttpMethod, url: String, headers: [HttpHeader], body: Data) async throws -> HttpResponse

  • Authenticate with the user’s identity provider (IdP)

    The implementation should perform an authentication using the authorization code flow with the PKCE (https://www.rfc-editor.org/rfc/rfc7636) extension. As part of the authorization request, the implementation should specify key_auth and acme_aud claims, along with their values, in the claims parameter. This is to instruct the IdP to add the key_auth and acme_aud claims to the ID token that will be returned as part of the access token.

    Once the authentication is completed successfully, the implementation should request an access token from the IdP, extract the ID token from it and return it to the caller.

    Declaration

    Swift

    func authenticate(idp: String, keyAuth: String, acmeAud: String) async throws -> String
  • getBackendNonce() Asynchronous

    Get a nonce from the backend

    Declaration

    Swift

    func getBackendNonce() async throws -> String

  • Fetch an access token to be used for the DPoP challenge (wire-dpop-01)

    The implementation should take the provided DPoP token (dpop) and make a request to the backend to obtain an access token, which should be returned to the caller.

    Declaration

    Swift

    func fetchBackendAccessToken(dpop: String) async throws -> String